From 3cd20f480990c4ffe6e5d2566eadfd5a0d5cbc7d Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Tue, 13 Apr 2021 17:35:58 -0700 Subject: [PATCH] reports: add remaining triaged CVEs And add the false-positives to the triaged-cve-list. Change-Id: I64188841372d99d6b91bb1dc602f6312c9b6b5ce Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1054739 Reviewed-by: Roland Shoemaker --- reports/GO-2020-0005.toml | 2 +- reports/GO-2021-0097.toml | 29 ++ reports/GO-2021-0098.toml | 43 +++ reports/GO-2021-0099.toml | 21 ++ triaged-cve-list | 557 +++++++++++++++++++++++++++++++++++++- 5 files changed, 645 insertions(+), 7 deletions(-) create mode 100644 reports/GO-2021-0097.toml create mode 100644 reports/GO-2021-0098.toml create mode 100644 reports/GO-2021-0099.toml diff --git a/reports/GO-2020-0005.toml b/reports/GO-2020-0005.toml index 93a597c..9440649 100644 --- a/reports/GO-2020-0005.toml +++ b/reports/GO-2020-0005.toml @@ -11,7 +11,7 @@ cve = "CVE-2020-15106" credit = "Trail of Bits" -symbols = ["WAL.ReadAll"] +symbols = ["WAL.ReadAll", "decoder.decodeRecord"] [[versions]] fixed = "v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4" diff --git a/reports/GO-2021-0097.toml b/reports/GO-2021-0097.toml new file mode 100644 index 0000000..1ca1abf --- /dev/null +++ b/reports/GO-2021-0097.toml @@ -0,0 +1,29 @@ +module = "github.com/dhowden/tag" + +description = """ +Due to improper bounds checking a number of methods can trigger a panic due to attempted +out-of-bounds reads. If the package is used to parse user supplied input this may be +used as a vector for a denial of service attack. +""" + +cve = "CVE-2020-29242" + +credit = "@Jayl1n" + +symbols = [ + "readPICFrame", + "readAPICFrame", + "readTextWithDescrFrame", + "readAtomData" +] + +[[versions]] +fixed = "v0.0.0-20201120070457-d52dcb253c63" + +[links] +commit = "https://github.com/dhowden/tag/commit/d52dcb253c63a153632bfee5f269dd411dcd8e96" +context = [ + "https://github.com/dhowden/tag/commit/a92213460e4838490ce3066ef11dc823cdc1740e", + "https://github.com/dhowden/tag/commit/4b595ed4fac79f467594aa92f8953f90f817116e", + "https://github.com/dhowden/tag/commit/6b18201aa5c5535511802ddfb4e4117686b4866d" +] \ No newline at end of file diff --git a/reports/GO-2021-0098.toml b/reports/GO-2021-0098.toml new file mode 100644 index 0000000..27a1e67 --- /dev/null +++ b/reports/GO-2021-0098.toml @@ -0,0 +1,43 @@ +module = "github.com/git-lfs/git-lfs" +package = "github.com/git-lfs/git-lfs/commands" + +description = """ +Due to the standard library behavior of exec.LookPath on Windows a number of methods may +result in arbitary code execution when cloning or operating on untrusted Git repositories. +""" + +os = ["windows"] + +cve = "CVE-2021-21237" + +credit = "@Ry0taK" + +symbols = ["PipeCommand"] + +[[versions]] +fixed = "v1.5.1-0.20210113180018-fc664697ed2c" + +[[additional_packages]] +module = "github.com/git-lfs/git-lfs" +package = "github.com/git-lfs/git-lfs/creds" +symbols = ["AskPassCredentialHelper.getFromProgram", "commandCredentialHelper.Approve"] +[[additional_packages.versions]] +fixed = "v1.5.1-0.20210113180018-fc664697ed2c" + +[[additional_packages]] +module = "github.com/git-lfs/git-lfs" +package = "github.com/git-lfs/git-lfs/lfs" +symbols = ["pipeExtensions"] +[[additional_packages.versions]] +fixed = "v1.5.1-0.20210113180018-fc664697ed2c" + +[[additional_packages]] +module = "github.com/git-lfs/git-lfs" +package = "github.com/git-lfs/git-lfs/lfshttp" +symbols = ["sshAuthClient.Resolve"] +[[additional_packages.versions]] +fixed = "v1.5.1-0.20210113180018-fc664697ed2c" + +[links] +commit = "https://github.com/git-lfs/git-lfs/commit/fc664697ed2c2081ee9633010de0a7f9debea72a" +context = ["https://github.com/git-lfs/git-lfs/security/advisories/GHSA-cx3w-xqmc-84g5"] \ No newline at end of file diff --git a/reports/GO-2021-0099.toml b/reports/GO-2021-0099.toml new file mode 100644 index 0000000..d1e2a58 --- /dev/null +++ b/reports/GO-2021-0099.toml @@ -0,0 +1,21 @@ +module = "github.com/deislabs/oras" +package = "github.com/deislabs/oras/pkg/content" + +description = """ +Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore +content store may result in directory traversal during archive extraction, allowing a +malicious archive to write paths to arbitary paths that the process can write to. +""" + +cve = "CVE-2021-21272" + +credit = "Chris Smowton" + +symbols = ["extractTarDirectory"] + +[[versions]] +fixed = "v0.9.0" + +[links] +commit = "https://github.com/deislabs/oras/commit/96cd90423303f1bb42bd043cb4c36085e6e91e8e" +context = ["https://github.com/deislabs/oras/security/advisories/GHSA-g5v4-5x39-vwhx"] \ No newline at end of file diff --git a/triaged-cve-list b/triaged-cve-list index b6b4d11..b706abf 100644 --- a/triaged-cve-list +++ b/triaged-cve-list @@ -1,14 +1,556 @@ # This file contains a list of CVEs identified by cmd/cve-triage which may be # related to Go modules. It tracks which CVEs have already been triaged, which -# are false positives, and which are pending triaging. +# are false positives, and which are pending triage. # # The format of each line is as follows: # # -# may be one of the following: false-positive, triaged, pending -# -# When is false-positive, lines may end with a comment which indicates -# why they have been flagged so, e.g. "# non-importable code" or "# not go code". +# may be one of the following: +# false-positive CVE is not for importable Go code +# triaged CVE has been triaged and assigned a vulndb report +# pending CVE is awaiting triage + +CVE-2013-2124 false-positive +CVE-2013-2233 false-positive +CVE-2014-0177 false-positive +CVE-2014-3498 false-positive +CVE-2014-3971 false-positive +CVE-2014-4657 false-positive +CVE-2014-4658 false-positive +CVE-2014-4659 false-positive +CVE-2014-4660 false-positive +CVE-2014-4678 false-positive +CVE-2014-4966 false-positive +CVE-2014-4967 false-positive +CVE-2014-8178 false-positive +CVE-2014-8179 false-positive +CVE-2014-8682 false-positive +CVE-2014-9938 false-positive +CVE-2015-5237 false-positive +CVE-2015-5250 false-positive +CVE-2015-6240 false-positive +CVE-2015-7082 false-positive +CVE-2015-7528 false-positive +CVE-2015-7545 false-positive +CVE-2016-2315 false-positive +CVE-2016-2324 false-positive +CVE-2018-17456 false-positive +CVE-2020-11008 false-positive +CVE-2020-12278 false-positive +CVE-2020-12279 false-positive +CVE-2020-5260 false-positive +CVE-2021-21300 false-positive +CVE-2015-7561 false-positive +CVE-2015-8222 false-positive +CVE-2015-8945 false-positive +CVE-2015-9258 false-positive +CVE-2015-9259 false-positive +CVE-2015-9282 false-positive +CVE-2016-1133 false-positive +CVE-2016-1544 false-positive +CVE-2016-1587 false-positive +CVE-2016-1905 false-positive +CVE-2016-1906 false-positive +CVE-2016-216 false-positive +CVE-2016-2183 false-positive +CVE-2016-3096 false-positive +CVE-2016-3711 false-positive +CVE-2016-4817 false-positive +CVE-2016-4864 false-positive +CVE-2016-6349 false-positive +CVE-2016-6494 false-positive +CVE-2016-7063 false-positive +CVE-2016-7064 false-positive +CVE-2016-7075 false-positive +CVE-2016-7569 false-positive +CVE-2016-7835 false-positive +CVE-2016-8579 false-positive +CVE-2016-9274 false-positive +CVE-2017-1000056 false-positive +CVE-2017-1000069 false-positive +CVE-2017-1000070 false-positive +CVE-2017-1000420 false-positive +CVE-2017-1000459 false-positive +CVE-2017-1000492 false-positive +CVE-2017-1002100 false-positive +CVE-2017-1002101 false-positive +CVE-2017-1002102 false-positive +CVE-2017-10868 false-positive +CVE-2017-10869 false-positive +CVE-2017-10872 false-positive +CVE-2017-10908 false-positive +CVE-2017-14178 false-positive +CVE-2017-14623 false-positive +CVE-2017-14992 false-positive +CVE-2017-15104 false-positive +CVE-2017-16539 false-positive +CVE-2017-17697 false-positive +CVE-2017-2428 false-positive +CVE-2017-7297 false-positive +CVE-2017-7481 false-positive +CVE-2017-7550 false-positive +CVE-2017-7860 false-positive +CVE-2017-7861 false-positive +CVE-2017-8359 false-positive +CVE-2017-9431 false-positive +CVE-2018-0608 false-positive +CVE-2018-1000803 false-positive +CVE-2018-1000816 false-positive +CVE-2018-1002100 false-positive +CVE-2018-1002101 false-positive +CVE-2018-1002102 false-positive +CVE-2018-1002103 false-positive +CVE-2018-1002104 false-positive +CVE-2018-1002105 false-positive +CVE-2018-1002207 false-positive +CVE-2018-10055 false-positive +CVE-2018-10856 false-positive +CVE-2018-10892 false-positive +CVE-2018-10937 false-positive +CVE-2018-12099 false-positive +CVE-2018-12608 false-positive +CVE-2018-12678 false-positive +CVE-2018-12976 false-positive +CVE-2018-14474 false-positive +CVE-2018-15178 false-positive +CVE-2018-15192 false-positive +CVE-2018-15193 false-positive +CVE-2018-15598 false-positive +CVE-2018-15664 false-positive +CVE-2018-15747 false-positive +CVE-2018-15869 false-positive +CVE-2018-16316 false-positive +CVE-2018-16359 false-positive +CVE-2018-16398 false-positive +CVE-2018-16409 false-positive +CVE-2018-16733 false-positive +CVE-2018-16859 false-positive +CVE-2018-16876 false-positive +CVE-2018-17031 false-positive +CVE-2018-18264 false-positive +CVE-2018-18553 false-positive +CVE-2018-18623 false-positive +CVE-2018-18624 false-positive +CVE-2018-18625 false-positive +CVE-2018-18925 false-positive +CVE-2018-18926 false-positive +CVE-2018-19114 false-positive +CVE-2018-19148 false-positive +CVE-2018-19184 false-positive +CVE-2018-19295 false-positive +CVE-2018-19333 false-positive +CVE-2018-19367 false-positive +CVE-2018-19466 false-positive +CVE-2018-19653 false-positive +CVE-2018-19786 false-positive +CVE-2018-19793 false-positive +CVE-2018-1098 false-positive +CVE-2018-1099 false-positive +CVE-2018-20303 false-positive +CVE-2018-20421 false-positive +CVE-2018-20699 false-positive +CVE-2018-21034 false-positive +CVE-2018-21233 false-positive +CVE-2018-7575 false-positive +CVE-2018-7576 false-positive +CVE-2018-7577 false-positive +CVE-2018-8825 false-positive +CVE-2018-9057 false-positive +CVE-2019-1000002 false-positive +CVE-2019-1002100 false-positive +CVE-2019-1002101 false-positive +CVE-2019-1010003 false-positive +CVE-2019-1010261 false-positive +CVE-2019-1010275 false-positive +CVE-2019-1010314 false-positive +CVE-2019-1020009 false-positive +CVE-2019-1020014 false-positive +CVE-2019-1020015 false-positive +CVE-2019-10152 false-positive +CVE-2019-10156 false-positive +CVE-2019-10165 false-positive +CVE-2019-10200 false-positive +CVE-2019-10217 false-positive +CVE-2019-10223 false-positive +CVE-2019-10743 false-positive +CVE-2019-11043 false-positive +CVE-2019-11228 false-positive +CVE-2019-11229 false-positive +CVE-2019-11243 false-positive +CVE-2019-11244 false-positive +CVE-2019-11245 false-positive +CVE-2019-11246 false-positive +CVE-2019-11247 false-positive +CVE-2019-11248 false-positive +CVE-2019-11249 false-positive +CVE-2019-11251 false-positive +CVE-2019-11252 false-positive +CVE-2019-11255 false-positive +CVE-2019-11328 false-positive +CVE-2019-11405 false-positive +CVE-2019-11471 false-positive +CVE-2019-11502 false-positive +CVE-2019-11503 false-positive +CVE-2019-11576 false-positive +CVE-2019-11641 false-positive +CVE-2019-11881 false-positive +CVE-2019-11938 false-positive +CVE-2019-12291 false-positive +CVE-2019-12452 false-positive +CVE-2019-12494 false-positive +CVE-2019-12618 false-positive +CVE-2019-12995 false-positive +CVE-2019-12999 false-positive +CVE-2019-13068 false-positive +CVE-2019-13139 false-positive +CVE-2019-13915 false-positive +CVE-2019-14243 false-positive +CVE-2019-14255 false-positive +CVE-2019-14271 false-positive +CVE-2019-14544 false-positive +CVE-2019-14846 false-positive +CVE-2019-14864 false-positive +CVE-2019-14904 false-positive +CVE-2019-14940 false-positive +CVE-2019-14993 false-positive +CVE-2019-15043 false-positive +CVE-2019-15119 false-positive +CVE-2019-15225 false-positive +CVE-2019-15226 false-positive +CVE-2019-15562 false-positive +CVE-2019-15716 false-positive +CVE-2019-16060 false-positive +CVE-2019-16097 false-positive +CVE-2019-16146 false-positive +CVE-2019-16214 false-positive +CVE-2019-16355 false-positive +CVE-2019-16778 false-positive +CVE-2019-16919 false-positive +CVE-2019-18466 false-positive +CVE-2019-18657 false-positive +CVE-2019-18801 false-positive +CVE-2019-18802 false-positive +CVE-2019-18817 false-positive +CVE-2019-18836 false-positive +CVE-2019-18838 false-positive +CVE-2019-18923 false-positive +CVE-2019-19023 false-positive +CVE-2019-19025 false-positive +CVE-2019-19026 false-positive +CVE-2019-19029 false-positive +CVE-2019-19316 false-positive +CVE-2019-19335 false-positive +CVE-2019-19349 false-positive +CVE-2019-19350 false-positive +CVE-2019-19724 false-positive +CVE-2019-19922 false-positive +CVE-2019-20329 false-positive +CVE-2019-20372 false-positive +CVE-2019-20377 false-positive +CVE-2019-20894 false-positive +CVE-2019-20933 false-positive +CVE-2019-25014 false-positive +CVE-2019-3552 false-positive +CVE-2019-3553 false-positive +CVE-2019-3558 false-positive +CVE-2019-3559 false-positive +CVE-2019-3565 false-positive +CVE-2019-3826 false-positive +CVE-2019-3828 false-positive +CVE-2019-3841 false-positive +CVE-2019-3990 false-positive +CVE-2019-5736 false-positive +CVE-2019-6035 false-positive +CVE-2019-8336 false-positive +CVE-2019-8400 false-positive +CVE-2019-9547 false-positive +CVE-2019-9635 false-positive +CVE-2019-9764 false-positive +CVE-2019-9900 false-positive +CVE-2019-9901 false-positive +CVE-2019-9946 false-positive +CVE-2020-10660 false-positive +CVE-2020-10661 false-positive +CVE-2020-10685 false-positive +CVE-2020-10691 false-positive +CVE-2020-10696 false-positive +CVE-2020-10706 false-positive +CVE-2020-10712 false-positive +CVE-2020-10715 false-positive +CVE-2020-10749 false-positive +CVE-2020-10750 false-positive +CVE-2020-10763 false-positive +CVE-2020-10944 false-positive +CVE-2020-11012 false-positive +CVE-2020-11013 false-positive +CVE-2020-11053 false-positive +CVE-2020-11080 false-positive +CVE-2020-11091 false-positive +CVE-2020-11110 false-positive +CVE-2020-11498 false-positive +CVE-2020-11576 false-positive +CVE-2020-11710 false-positive +CVE-2020-11767 false-positive +CVE-2020-12118 false-positive +CVE-2020-12245 false-positive +CVE-2020-12283 false-positive +CVE-2020-12458 false-positive +CVE-2020-12459 false-positive +CVE-2020-12603 false-positive +CVE-2020-12604 false-positive +CVE-2020-12605 false-positive +CVE-2020-12757 false-positive +CVE-2020-12758 false-positive +CVE-2020-12797 false-positive +CVE-2020-13170 false-positive +CVE-2020-13223 false-positive +CVE-2020-13246 false-positive +CVE-2020-13250 false-positive +CVE-2020-13401 false-positive +CVE-2020-13430 false-positive +CVE-2020-13449 false-positive +CVE-2020-13450 false-positive +CVE-2020-13451 false-positive +CVE-2020-13452 false-positive +CVE-2020-13597 false-positive +CVE-2020-13788 false-positive +CVE-2020-13794 false-positive +CVE-2020-14144 false-positive +CVE-2020-14306 false-positive +CVE-2020-14330 false-positive +CVE-2020-14332 false-positive +CVE-2020-14958 false-positive +CVE-2020-15104 false-positive +CVE-2020-15127 false-positive +CVE-2020-15129 false-positive +CVE-2020-15157 false-positive +CVE-2020-15184 false-positive +CVE-2020-15185 false-positive +CVE-2020-15186 false-positive +CVE-2020-15187 false-positive +CVE-2020-15190 false-positive +CVE-2020-15191 false-positive +CVE-2020-15192 false-positive +CVE-2020-15193 false-positive +CVE-2020-15194 false-positive +CVE-2020-15195 false-positive +CVE-2020-15196 false-positive +CVE-2020-15197 false-positive +CVE-2020-15198 false-positive +CVE-2020-15199 false-positive +CVE-2020-15200 false-positive +CVE-2020-15201 false-positive +CVE-2020-15202 false-positive +CVE-2020-15203 false-positive +CVE-2020-15204 false-positive +CVE-2020-15205 false-positive +CVE-2020-15206 false-positive +CVE-2020-15207 false-positive +CVE-2020-15208 false-positive +CVE-2020-15209 false-positive +CVE-2020-15210 false-positive +CVE-2020-15211 false-positive +CVE-2020-15212 false-positive +CVE-2020-15213 false-positive +CVE-2020-15214 false-positive +CVE-2020-15254 false-positive +CVE-2020-15257 false-positive +CVE-2020-15265 false-positive +CVE-2020-15266 false-positive +CVE-2020-15391 false-positive +CVE-2020-16248 false-positive +CVE-2020-16250 false-positive +CVE-2020-16251 false-positive +CVE-2020-16844 false-positive +CVE-2020-1733 false-positive +CVE-2020-1734 false-positive +CVE-2020-1735 false-positive +CVE-2020-1736 false-positive +CVE-2020-1737 false-positive +CVE-2020-1738 false-positive +CVE-2020-1739 false-positive +CVE-2020-1740 false-positive +CVE-2020-1746 false-positive +CVE-2020-24263 false-positive +CVE-2020-24264 false-positive +CVE-2020-24303 false-positive +CVE-2020-24356 false-positive +CVE-2020-24707 false-positive +CVE-2020-24708 false-positive +CVE-2020-24710 false-positive +CVE-2020-24711 false-positive +CVE-2020-24712 false-positive +CVE-2020-25017 false-positive +CVE-2020-25018 false-positive +CVE-2020-25201 false-positive +CVE-2020-25816 false-positive +CVE-2020-25989 false-positive +CVE-2020-26222 false-positive +CVE-2020-26266 false-positive +CVE-2020-26267 false-positive +CVE-2020-26268 false-positive +CVE-2020-26269 false-positive +CVE-2020-26270 false-positive +CVE-2020-26271 false-positive +CVE-2020-26276 false-positive +CVE-2020-26277 false-positive +CVE-2020-26278 false-positive +CVE-2020-26279 false-positive +CVE-2020-26283 false-positive +CVE-2020-26284 false-positive +CVE-2020-26290 false-positive +CVE-2020-26294 false-positive +CVE-2020-26521 false-positive +CVE-2020-26892 false-positive +CVE-2020-27151 false-positive +CVE-2020-27195 false-positive +CVE-2020-27534 false-positive +CVE-2020-27955 false-positive +CVE-2020-28053 false-positive +CVE-2020-28348 false-positive +CVE-2020-28349 false-positive +CVE-2020-28466 false-positive +CVE-2020-28914 false-positive +CVE-2020-28924 false-positive +CVE-2020-28991 false-positive +CVE-2020-29662 false-positive +CVE-2020-2023 false-positive +CVE-2020-35137 false-positive +CVE-2020-35138 false-positive +CVE-2020-35177 false-positive +CVE-2020-35453 false-positive +CVE-2020-35470 false-positive +CVE-2020-35471 false-positive +CVE-2020-36066 false-positive +CVE-2020-3996 false-positive +CVE-2020-4037 false-positive +CVE-2020-4053 false-positive +CVE-2020-5215 false-positive +CVE-2020-5233 false-positive +CVE-2020-5300 false-positive +CVE-2020-5415 false-positive +CVE-2020-6016 false-positive +CVE-2020-6017 false-positive +CVE-2020-6018 false-positive +CVE-2020-6019 false-positive +CVE-2020-7218 false-positive +CVE-2020-7219 false-positive +CVE-2020-7220 false-positive +CVE-2020-7665 false-positive +CVE-2020-7666 false-positive +CVE-2020-7669 false-positive +CVE-2020-7955 false-positive +CVE-2020-7956 false-positive +CVE-2020-8551 false-positive +CVE-2020-8552 false-positive +CVE-2020-8553 false-positive +CVE-2020-8554 false-positive +CVE-2020-8555 false-positive +CVE-2020-8557 false-positive +CVE-2020-8558 false-positive +CVE-2020-8559 false-positive +CVE-2020-8563 false-positive +CVE-2020-8566 false-positive +CVE-2020-8569 false-positive +CVE-2020-8595 false-positive +CVE-2020-8659 false-positive +CVE-2020-8660 false-positive +CVE-2020-8661 false-positive +CVE-2020-8663 false-positive +CVE-2020-8664 false-positive +CVE-2020-8826 false-positive +CVE-2020-8827 false-positive +CVE-2020-8828 false-positive +CVE-2020-8843 false-positive +CVE-2020-8927 false-positive +CVE-2020-8929 false-positive +CVE-2020-9321 false-positive +CVE-2020-9329 false-positive +CVE-2021-20198 false-positive +CVE-2021-20199 false-positive +CVE-2021-20218 false-positive +CVE-2021-20291 false-positive +CVE-2021-21284 false-positive +CVE-2021-21285 false-positive +CVE-2021-21287 false-positive +CVE-2021-21291 false-positive +CVE-2021-21296 false-positive +CVE-2021-21303 false-positive +CVE-2021-21334 false-positive +CVE-2021-21362 false-positive +CVE-2021-21363 false-positive +CVE-2021-21364 false-positive +CVE-2021-21378 false-positive +CVE-2021-21390 false-positive +CVE-2021-21404 false-positive +CVE-2021-21411 false-positive +CVE-2021-21432 false-positive +CVE-2021-22538 false-positive +CVE-2021-23345 false-positive +CVE-2021-23347 false-positive +CVE-2021-23351 false-positive +CVE-2021-23357 false-positive +CVE-2021-23827 false-positive +CVE-2021-25313 false-positive +CVE-2021-26921 false-positive +CVE-2021-26923 false-positive +CVE-2021-26924 false-positive +CVE-2021-27098 false-positive +CVE-2021-27099 false-positive +CVE-2021-27358 false-positive +CVE-2021-27375 false-positive +CVE-2021-27935 false-positive +CVE-2021-27940 false-positive +CVE-2021-28361 false-positive +CVE-2021-28378 false-positive +CVE-2021-28681 false-positive +CVE-2021-28954 false-positive +CVE-2021-28955 false-positive +CVE-2021-29136 false-positive +CVE-2021-29271 false-positive +CVE-2021-29272 false-positive +CVE-2021-29417 false-positive +CVE-2021-29651 false-positive +CVE-2021-29652 false-positive +CVE-2021-3344 false-positive +CVE-2021-3382 false-positive +CVE-2021-3391 false-positive +CVE-2016-9962 false-positive +CVE-2018-1000400 false-positive +CVE-2018-1000538 false-positive +CVE-2018-17572 false-positive +CVE-2018-20744 false-positive +CVE-2019-13126 false-positive +CVE-2020-10752 false-positive +CVE-2020-15112 false-positive # covered by GO-2020-0005 +CVE-2020-15113 false-positive +CVE-2020-15114 false-positive +CVE-2020-15115 false-positive +CVE-2020-15136 false-positive +CVE-2020-15223 false-positive +CVE-2020-15233 false-positive +CVE-2020-15234 false-positive +CVE-2020-24359 false-positive +CVE-2020-26240 false-positive +CVE-2020-26241 false-positive +CVE-2020-26242 false-positive +CVE-2020-26265 false-positive +CVE-2020-29243 false-positive # covered by GO-2021-0097 +CVE-2020-29244 false-positive # covered by GO-2021-0097 +CVE-2020-29245 false-positive # covered by GO-2021-0097 +CVE-2020-29510 false-positive +CVE-2020-29511 false-positive +CVE-2020-2024 false-positive +CVE-2020-2025 false-positive +CVE-2020-2026 false-positive +CVE-2020-36066 false-positive +CVE-2020-5303 false-positive +CVE-2021-21271 false-positive +CVE-2021-25834 false-positive +CVE-2021-25835 false-positive +CVE-2021-25836 false-positive +CVE-2021-25837 false-positive +CVE-2016-2160 false-positive CVE-2018-17846 triaged GO-2020-0014 CVE-2020-35381 triaged GO-2021-0057 @@ -74,4 +616,7 @@ CVE-2020-7668 triaged GO-2020-0041 CVE-2018-21246 triaged GO-2020-0043 CVE-2021-3121 triaged GO-2021-0053 CVE-2019-10214 triaged GO-2021-0081 -CVE-2017-15133 triaged GO-2020-0006 \ No newline at end of file +CVE-2017-15133 triaged GO-2020-0006 +CVE-2020-29242 triaged GO-2021-0097 +CVE-2021-21237 triaged GO-2021-0098 +CVE-2021-21272 triaged GO-2021-0099 \ No newline at end of file